diff options
Diffstat (limited to 'web/html/addvote.php')
-rw-r--r-- | web/html/addvote.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php index dd1f47b..d3bd7d4 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) { if ($atype == "Trusted User" || $atype == "Developer") { - if (!empty($_POST['addVote'])) { + if (!empty($_POST['addVote']) && !check_token()) { + $error = __("Invalid token for user action."); + } + + if (!empty($_POST['addVote']) && check_token()) { $error = ""; if (!empty($_POST['user'])) { @@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { <b><?php print __("Proposal") ?></b><br /> <textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br /> <input type="hidden" name="addVote" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> <input type="submit" class="button" value="<?php print __("Submit"); ?>" /> </p> </form> |